×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

PIX allow ICMP requests

Unanswered Question
Mar 4th, 2002
User Badges:

I have two networks connected together via Frame-Relay. One network has a PIX on it. There is an Access-list bound to the inside interface, which is what the Frame-traffic gets routed to.


Why is it, that I can't ping some systems on the network with the PIX? I can ping some systems, and others I can't.


I have "permit ICMP any any" on my access-list, why am I still getting denied on some IP's?? Any ideas?


Aaron Paxson

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
cjacinto Sat, 03/09/2002 - 22:32
User Badges:
  • Cisco Employee,

If you already have icmp any any, do a logging buffered debugging on the pix and do a show log after you ping to see if the pix is denying it or some other acl on the next hop router. It would be a good practice to do a clear log before you do the test.

Make sure you are also trying to reach hosts that have translation, even specifying in the pix the same address or no translation for the inside hosts.

Actions

This Discussion